Adds IP entries to a network access control list (ACL).

Usage notes

  • Each ACL can contain one or more IP addresses or CIDR blocks. Take note of the following limits on ACLs:
    • The maximum number of IP entries that can be added to an ACL with each Alibaba Cloud account at a time: 20
    • The maximum number of IP entries that each ACL can contain: 1,000
  • The AddEntriesToAcl operation is asynchronous. After you send a request, the system returns a request ID, but the operation is still being performed in the background. You can call the ListAclEntries operation to query the status of an IP entry:
    • If the ACL is in the Adding state, the IP entry is being added.
    • If the ACL is in the Available state, the IP entry is added.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes AddEntriesToAcl

The operation that you want to perform.

Set the value to AddEntriesToAcl.

AclId String Yes nacl-hp34s2h0xx1ht4nwo****

The ID of the ACL.

AclEntries.N.Description String No test-entry

The description of the IP entry. The description must be 2 to 256 characters in length, and can contain letters, digits, and the following special characters: , . ; / @ _ -.

You can add up to 20 IP entries in each call.

AclEntries.N.Entry String Yes 10.0.1.0/24

The CIDR block of the IP entry.

You can add up to 20 IP entries in each call.

ClientToken String No 5A2CFF0E-5718-45B5-9D4D-70B3FF3898

The client token that is used to ensure the idempotence of the request.

You can use the client to generate the value, but you must make sure that it is unique among different requests. ClientToken can contain only ASCII characters.

Note If you do not set this parameter, the system uses RequestId as ClientToken. The value of RequestId may be different for each API request.
DryRun Boolean No false

Specifies whether to check the request without performing the operation. Valid values:

  • true: checks the request without performing the operation. The system checks the required parameters, request syntax, and limits. If the request fails the check, an error message is returned. If the request passes the check, the DryRunOperation error code is returned.
  • false (default): sends the request. If the request passes the check, an HTTP 2xx status code is returned and the operation is performed.

Response parameters

Parameter Type Example Description
JobId String 72dcd26b-f12d-4c27-b3af-18f6aed5****

The ID of the asynchronous task.

RequestId String 365F4154-92F6-4AE4-92F8-7FF34B540710

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=AddEntriesToAcl
&AclId=nacl-hp34s2h0xx1ht4nwo****
&AclEntries=[{"Description":"test-entry","Entry":"10.0.1.0/24"}]
&ClientToken=5A2CFF0E-5718-45B5-9D4D-70B3FF3898
&DryRun=false
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<AddEntriesToAclResponse>
    <JobId>72dcd26b-f12d-4c27-b3af-18f6aed5****</JobId>
    <RequestId>365F4154-92F6-4AE4-92F8-7FF34B540710</RequestId>
</AddEntriesToAclResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "JobId" : "72dcd26b-f12d-4c27-b3af-18f6aed5****",
  "RequestId" : "365F4154-92F6-4AE4-92F8-7FF34B540710"
}

Error codes

HttpCode Error code Error message Description
400 ResourceAlreadyExist.AclEntry The specified resource %s already exists. The error message returned because the specified %s resource already exists.
400 ResourceQuotaExceeded.AclEntriesNum The quota of %s is exceeded for resource %s, usage %s/%s. The error message returned because the quota %s of the specified resource %s is exhausted. The current usage is %s.
404 ResourceNotFound.Acl The specified resource %s is not found. The error message returned because the specified resource %s does not exist.

For a list of error codes, visit the Error Center.